A command-line utility that checks for best practices in SaltStack.
Project description
salt-lint
salt-lint
checks Salt State files (SLS) for best practices and behavior that could potentially be improved.
The project is heavily based on ansible-lint, which was created by Will Thames and is now maintained as part of the Ansible by Red Hat project.
Demo
Installing
Using Pip
pip install salt-lint
From Source
pip install git+https://github.com/warpnet/salt-lint.git
Usage
Command Line Options
The following is the output from salt-lint --help
, providing an overview of the basic command line options:
usage: salt-lint [-h] [--version] [-L] [-r RULESDIR] [-R] [-t TAGS] [-T] [-v] [-x SKIP_LIST] [--nocolor] [--force-color]
[--exclude EXCLUDE_PATHS] [--json] [--severity] [-c C]
files [files ...]
positional arguments:
files One or more files or paths.
optional arguments:
-h, --help show this help message and exit
--version show program's version number and exit
-L list all the rules
-r RULESDIR specify one or more rules directories using one or more -r arguments. Any -r flags
override the default rules in /path/to/salt-lint/saltlint/rules, unless -R is also used.
-R Use default rules in /path/to/salt-lint/saltlint/rules in addition to any extra rules
directories specified with -r. There is no need to specify this if no -r flags are used.
-t TAGS only check rules whose id/tags match these values
-T list all the tags
-v Increase verbosity level
-x SKIP_LIST only check rules whose id/tags do not match these values
--nocolor, --nocolour
disable colored output
--force-color, --force-colour
Try force colored output (relying on salt's code)
--exclude EXCLUDE_PATHS
path to directories or files to skip. This option is repeatable.
--json parse the output as JSON
--severity add the severity to the standard output
-c C Specify configuration file to use. Defaults to ".salt-lint"
Linting Salt State files
It's important to note that salt-lint
accepts a list of Salt State files or a list of directories.
Docker & Podman
salt-lint is available on Dockerhub.
Example usage:
docker run -v $(pwd):/data:ro --entrypoint=/bin/bash -it warpnetbv/salt-lint:latest -c 'find /data -type f -name "*.sls" -print0 | xargs -0 --no-run-if-empty salt-lint'
On a system with SELinux, change :ro
to :Z
. Example below uses podman:
podman run -v $(pwd):/data:Z --entrypoint=/bin/bash -it warpnetbv/salt-lint:latest -c 'find /data -type f -name "*.sls" -print0 | xargs -0 --no-run-if-empty salt-lint'
GitHub Action
Salt-lint is available on the GitHub marketplace as a GitHub Action. The salt-lint-action
allows you to run salt-lint
with no additional options.
To use the action simply add the following lines to your .github/workflows/main.yml
.
on: [push]
jobs:
test:
runs-on: ubuntu-latest
name: Salt Lint Action
steps:
- uses: actions/checkout@v1
- name: Run salt-lint
uses: roaldnefs/salt-lint-action@master
env:
ACTION_STATE_NAME: init.sls
Configuring
Configuration File
Salt-lint supports local configuration via a .salt-lint
configuration file. Salt-lint checks the working directory for the presence of this file and applies any configuration found there. The configuration file location can also be overridden via the -c path/to/file
CLI flag.
If a value is provided on both the command line and via a configuration file, the values will be merged (if a list like exclude_paths), or the True value will be preferred, in the case of something like quiet.
The following values are supported, and function identically to their CLI counterparts:
---
exclude_paths:
- exclude_this_file
- exclude_this_directory/
- exclude/this/sub-directory/
skip_list:
- 207
- 208
tags:
- formatting
verbosity: 1
rules:
formatting:
ignore: |
ignore/this/directory/*.sls
*.jinja
210:
ignore: 'exclude_this_file.sls'
severity: True
Pre-commit Setup
To use salt-lint with pre-commit, just add the following to your local repo's .pre-commit-config.yaml
file. Prior to version 0.12.0 of pre-commit the file was hooks.yaml
(now .pre-commit-config.yaml
).
---
# For use with pre-commit.
# See usage instructions at http://pre-commit.com
- repo: https://github.com/warpnet/salt-lint
rev: v0.5.1
hooks:
- id: salt-lint
Optionally override the default file selection as follows:
...
- id: salt-lint
files: \.(sls|jinja|tmpl)$
Rules
List of rules
Formatting
Disable formatting checks using -x formatting
Rule | Description |
---|---|
201 | Trailing whitespace |
202 | Jinja statement should have spaces before and after: {% statement %} |
203 | Most files should not contain tabs |
204 | Lines should be no longer than 160 chars |
205 | Use ".sls" as a Salt State file extension |
206 | Jinja variables should have spaces before and after {{ var_name }} |
207 | File modes should always be encapsulated in quotation marks |
208 | File modes should always contain a leading zero |
209 | Jinja comment should have spaces before and after: {# comment #} |
210 | Numbers that start with 0 should always be encapsulated in quotation marks |
211 | pillar.get or grains.get should be formatted differently |
212 | Most files should not contain irregular spaces |
213 | SaltStack recommends using cmd.run together with onchanges , rather than cmd.wait |
214 | SLS file with a period in the name (besides the suffix period) can not be referenced |
Jinja
Disable jinja checks using -x jinja
Rule | Description |
---|---|
202 | Jinja statement should have spaces before and after: {% statement %} |
206 | Jinja variables should have spaces before and after {{ var_name }} |
209 | Jinja comment should have spaces before and after: {# comment #} |
211 | pillar.get or grains.get should be formatted differently |
Deprecations
Disable deprecation checks using -x deprecation
Rule | Description |
---|---|
901 | Using the quiet argument with cmd.run is deprecated. Use output_loglevel: quiet |
False Positives: Skipping Rules
Some rules are bit of a rule of thumb. To skip a specific rule for a specific task, inside your state add # noqa [rule_id]
at the end of the line. You can skip multiple rules via a space-separated list. Example:
/tmp/testfile:
file.managed:
- source: salt://{{unspaced_var}}/example # noqa: 206
Plugins
Currently, there is a salt-lint
plugin available for the following applications:
Application | GitHub Link | Store/Marketplace |
---|---|---|
Visual Studio Code | warpnet/vscode-salt-lint | VisualStudio Marketplace |
Sublime Text | warpnet/SublimeLinter-salt-lint | Package Control |
Vim (ALE plugin) | dense-analysis/ale | GitHub |
Wish to create a salt-lint
extension for your favourite editor? We're always looking for contributions!
Fix common issues
sed
might be one of the better tools to fix common issues, as shown in commands below.
Note: these commands assume your current working directory is the salt (states) directory/repository.
Fix spacing around {{ var_name }}
, eg. {{env}}
--> {{ env }}
:
sed -i -E "s/\{\{\s?([^}]*[^} ])\s?\}\}/\{\{ \1 \}\}/g" $(find . -name '*.sls')
Make the dir_mode
, file_mode
and mode
arguments in the desired syntax:
sed -i -E "s/\b(dir_|file_|)mode: 0?([0-7]{3})/\1mode: '0\2'/" $(find . -name '*.sls')
Add quotes around numeric values that start with a 0
:
sed -i -E "s/\b(minute|hour): (0[0-7]?)\$/\1: '\2'/" $(find . -name '*.sls')
Acknowledgement
The project is heavily based on ansible-lint, with the modified work by Warpnet B.V.. ansible-lint was created by Will Thames and is now maintained as part of the Ansible by Red Hat project.
Changelog
All notable changes in salt-lint are documented below.
Unreleased
0.5.2 (2021-01-29)
Fixed
- Append the contents of the
CHANGELOG.md
file to the long description of the package instead of the duplicateREADME.md
contents (#234). - Ignore Jinja specific rules in Jinja escaped blocks (#236).
0.5.1 (2021-01-19)
Fixed
- Ensure all excluded paths from both the CLI and configuration are passed to the runner (#231).
0.5.0 (2021-01-17)
Added
- Rule 213 to recommend using cmd.run together with onchanges (#207).
- Rule 214 to check SLS file with a period in the name (besides the suffix period) as they can not be referenced by Salt (#209).
- Rules 901-915 to check for deprecated states and state options (#214).
- This
CHANGELOG.md
file to be able to list all notable changes for each version of salt-lint (#223).
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for salt_lint-0.5.2-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 464c3a8c096b4eca9fbcf003c79c62c39bf1444c94b8c1ac270f1e6e0d4ecf98 |
|
MD5 | 0cf6a817234f8ea9c128a47845c49d6a |
|
BLAKE2b-256 | b60b3970a2770097b2399dd02232a0173bf5642e2f0235fb4ae7b5ed2e185bac |